<?php
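// Suppress all PHP diagnostics for this request; the $error_show switch below
// is the only place that turns them back on.
error_reporting(0);
session_start();
//set_magic_quotes_runtime(0);
// Emulate register_globals=On without the php.ini setting: every request
// parameter becomes a global variable of the same name.
// EXTR_SKIP keeps a parameter from replacing a variable that already exists
// at this point (the superglobals, the session array created by
// session_start(), anything the including script assigned). The default
// EXTR_OVERWRITE mode would replace them with client-supplied values.
// NOTE(review): the values imported here are raw. Add_S() below rewrites
// $_POST/$_GET/$_COOKIE only, not the globals created by this call, so any
// global that later code reads before assigning it can still be seeded by
// the client. Initialise such variables explicitly.
extract($_REQUEST,EXTR_SKIP);
if(function_exists('date_default_timezone_set')){date_default_timezone_set('Hongkong');}


// Debug switch, hard-coded off. It is assigned after the import above, so a
// request parameter named error_show cannot enable error display.
$error_show=0;
if($error_show=='1'){
    error_reporting(E_ALL);
    ini_set('display_errors', '1');
}


// Request start time as float seconds ("usec sec" from microtime() summed).
$speed_headtime=explode(' ',microtime());
$speed_headtime=$speed_headtime[0]+$speed_headtime[1];
// Compatibility shim for PHP older than 4.1.0, which has no superglobals.
if(PHP_VERSION < '4.1.0') {
	$_GET = &$HTTP_GET_VARS;
	$_POST = &$HTTP_POST_VARS;
	$_COOKIE = &$HTTP_COOKIE_VARS;
	$_SERVER = &$HTTP_SERVER_VARS;
	$_ENV = &$HTTP_ENV_VARS;
	$_FILES = &$HTTP_POST_FILES;
}


// Run Add_S() over the request arrays when magic quotes are off or no longer
// exist. $_REQUEST and $_FILES are not processed here.
// NOTE(review): this is blanket addslashes() escaping of input, not
// context-aware escaping. SQL built from these values should use prepared
// statements or the driver's own escaping.
if( PHP_VERSION >= 6 ||  !get_magic_quotes_gpc() ){
	$_POST=Add_S($_POST);
	$_GET=Add_S($_GET);
	$_COOKIE=Add_S($_COOKIE);
}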

/**
 * Recursively escape the values of a request array.
 *
 * Every non-array value has the substring "&#x" split into "& # x" and is
 * then passed through addslashes(). Nested arrays are handled the same way.
 * Array keys are returned exactly as received.
 *
 * NOTE(review): only the lowercase "&#x" prefix is broken up; "&#X" and
 * decimal character references pass through. addslashes() does not know the
 * database connection charset and is no substitute for prepared statements.
 * Keys are client-controlled too and get no escaping here, so they must not
 * reach SQL or HTML without their own handling.
 *
 * @param array $array Request data such as $_GET, $_POST or $_COOKIE.
 * @return array The same structure with escaped values.
 */
function Add_S($array){
	foreach(array_keys($array) as $name){
		$item=$array[$name];
		if(is_array($item)){
			// Descend into nested parameters such as a[b][c]=...
			$array[$name]=Add_S($item);
			continue;
		}
		// Break up hex character references first, then backslash-escape quotes.
		$array[$name]=addslashes(str_replace("&#x","& # x",$item));
	}
	return $array;
}


// When register_globals is off, emulate it for cookies and file uploads:
// each cookie name and each upload field name becomes a global variable.
// EXTR_SKIP means only names that are not defined yet are created; existing
// variables are left alone. The @ operator hides any warning from extract().
// NOTE(review): a cookie can therefore seed any global that later code reads
// before assigning it, so such variables need explicit initialisation.
// Variables created from $_FILES hold the upload arrays as PHP received them;
// code consuming them should check the file with is_uploaded_file() or
// move_uploaded_file() rather than trusting the array contents.
if(!ini_get('register_globals')){
	@extract($_COOKIE,EXTR_SKIP);
	@extract($_FILES,EXTR_SKIP);
}
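/**
 * Encode HTML-significant characters in a request value.
 *
 * Replaces # & " ' < > ( ) with character references. The replacement is done
 * in a single pass, so text produced by one rule is never rewritten by
 * another. Chained str_replace() calls turned "#" into "&#38;#35;", which
 * huanyuan() could not restore.
 *
 * Arrays are processed recursively. str_replace() only handles the top level
 * of an array subject, which let values of nested parameters such as
 * a[b][c]=... through unencoded. Array keys are not encoded.
 *
 * NOTE(review): this is input-time HTML encoding only. It is not SQL
 * escaping, and it does not make a value safe for JavaScript, URL or
 * unquoted-attribute contexts. Escape again for the actual output context.
 *
 * @param mixed $msg String (or other scalar) or array of request values.
 * @return mixed Encoded string, or an array with the same keys and encoded values.
 */
function filtrate_common($msg){
	static $encode_map=array(
		'#'=>'&#35;',
		'&'=>'&#38;',
		'"'=>'&quot;',
		"'"=>'&#39;',
		'<'=>'&lt;',
		'>'=>'&gt;',
		'('=>'&#40;',
		')'=>'&#41;',
	);
	if(is_array($msg)){
		foreach($msg as $name=>$item){
			$msg[$name]=filtrate_common($item);
		}
		return $msg;
	}
	// strtr() with a map scans the input once and never re-reads its own output.
	return strtr((string)$msg,$encode_map);
}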
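/**
 * Reverse filtrate_common(): turn the eight character references it emits
 * back into # & " ' < > ( ).
 *
 * Decoding is done in a single pass. With chained str_replace() calls the
 * "&" restored from "&#38;" was picked up by the later rules, so the encoded
 * form of the literal text "&lt;" ("&#38;lt;") came back as "<" instead of
 * "&lt;". Arrays are processed recursively; keys are left unchanged.
 *
 * NOTE(review): the return value is raw, client-controlled text again. It
 * must be escaped for whatever context it is written to (HTML, SQL, ...).
 *
 * @param mixed $msg Encoded string (or other scalar) or array of them.
 * @return mixed Decoded string, or an array with the same keys and decoded values.
 */
function huanyuan($msg){
	static $decode_map=array(
		'&#35;'=>'#',
		'&#38;'=>'&',
		'&quot;'=>'"',
		'&#39;'=>"'",
		'&lt;'=>'<',
		'&gt;'=>'>',
		'&#40;'=>'(',
		'&#41;'=>')',
	);
	if(is_array($msg)){
		foreach($msg as $name=>$item){
			$msg[$name]=huanyuan($item);
		}
		return $msg;
	}
	// One scan over the input: decoded output is never decoded a second time.
	return strtr((string)$msg,$decode_map);
}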

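// Import POST, then GET, parameters as global variables after encoding them
// with filtrate_common(); GET wins when both carry the same name.
// The guard re-instates the check of the disabled ereg("^\_[A-Z]+") line:
// names beginning with "_" plus capitals (the superglobals $_SERVER,
// $_SESSION, $_COOKIE, $_FILES, ...) and the reserved names GLOBALS/this are
// skipped, so a request parameter cannot replace them.
// NOTE(review): every other name is still assignable from the request. Any
// global that later code reads before assigning it must be initialised or
// unset explicitly (as done for $webdb, $Html_Type and $erp below). The
// extract() calls earlier in this file are separate import points.
foreach($_POST as $_key=>$_value){
	if(preg_match('/^_[A-Z]+/',(string)$_key) || $_key==='GLOBALS' || $_key==='this'){continue;}
	$$_key=filtrate_common($_POST[$_key]);
}
foreach($_GET as $_key=>$_value){
	if(preg_match('/^_[A-Z]+/',(string)$_key) || $_key==='GLOBALS' || $_key==='this'){continue;}
	$$_key=filtrate_common($_GET[$_key]);
}
// Base path for includes: this file's directory minus its last four
// characters (presumably a trailing "/inc" - confirm), plus "/".
define('CHEN', substr(dirname(__FILE__), 0, -4).'/');
ob_start();		//ob_start('ob_gzhandler');
// Discard request-supplied values for names that later code assigns or trusts.
unset($webdb,$Html_Type,$erp);
header("Content-Type:text/html;charset=utf-8");
// Current URL and referrer. All of these come from client-controlled request
// data (request URI, query string, Host and Referer headers) and are stored
// without encoding.
// NOTE(review): escape them wherever they are written into HTML, and check
// the Host header against the expected site name before using $WEBURL or
// $WEBURL1 in links, redirects or e-mails. The scheme is fixed to http://.
$PHP_SELF_TEMP=$_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$_SERVER['QUERY_STRING'] && $PHP_SELF_TEMP .= "?".$_SERVER['QUERY_STRING'];
$PHP_SELF=$_SERVER['REQUEST_URI']?$_SERVER['REQUEST_URI']:$PHP_SELF_TEMP;
$HTTP_HOST=$_SERVER['HTTP_HOST']?$_SERVER['HTTP_HOST']:$HTTP_SERVER_VARS['HTTP_HOST'];
$WEBURL='http://'.$HTTP_HOST.$PHP_SELF;
$WEBURL1='http://'.$HTTP_HOST.'';
$FROMURL=$_SERVER["HTTP_REFERER"]?$_SERVER["HTTP_REFERER"]:$HTTP_SERVER_VARS["HTTP_REFERER"];
// The two parenthesised assignments below change nothing; no filter is applied.
$FROMURL=($FROMURL);
$WEBURL=($WEBURL);
require_once(CHEN.'inc/function.inc.php');
// Client address: the Client-IP and X-Forwarded-For request headers are
// preferred over the socket peer address.
// NOTE(review): both headers are set by the client unless a trusted reverse
// proxy overwrites them. $onlineip should not drive access control, rate
// limiting or audit records unless the proxy chain is known.
if($_SERVER['HTTP_CLIENT_IP']){
     $onlineip=$_SERVER['HTTP_CLIENT_IP'];
}elseif($_SERVER['HTTP_X_FORWARDED_FOR']){
     $onlineip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
     $onlineip=$_SERVER['REMOTE_ADDR'];
}
// filtrate() is not defined in this file (presumably inc/function.inc.php).
// Keep the leading run of digits and dots, then require 7-15 such characters.
// This limits the character set but does not validate an IPv4 address, and an
// IPv6 peer address appears to end up as 0.0.0.0.
$onlineip = preg_replace("/^([\d\.]+).*/", "\\1", filtrate($onlineip));
preg_match("/[\d\.]{7,15}/", $onlineip, $onlineipArray);
$onlineip = $onlineipArray[0] ? $onlineipArray[0] : '0.0.0.0';
unset($onlineipArray);
require_once(CHEN."inc/mysql_config.php");
require_once(CHEN.'inc/mysql_class.php');
$db=new MYSQL_DB;
// NOTE(review): $pre is interpolated into the SQL text. It is presumably the
// table prefix assigned in inc/mysql_config.php - confirm it is always set
// there, because otherwise a request parameter of that name would be used.
$webdb=$db->get_one("SELECT * FROM {$pre}system");
$timestamp=time();
// Request scanner from inc/webscan.php (not shown); a truthy check() result
// ends the request. It runs after the variable import and the query above.
require_once(CHEN.'inc/webscan.php');
$Webscan=new Webscan();
if ($Webscan->check()) {
    exit('err');
}
require_once(CHEN.'inc/session_user.php');
// Raw "usec sec" parts of the current time, kept as an array.
$start_time = explode(' ',microtime());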
?>